CVE-2009-3607

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
popplerpoppler
0.1
popplerpoppler
0.1.1
popplerpoppler
0.1.2
popplerpoppler
0.2.0
popplerpoppler
0.3.0
popplerpoppler
0.3.1
popplerpoppler
0.3.2
popplerpoppler
0.3.3
popplerpoppler
0.4.0
popplerpoppler
0.4.1
popplerpoppler
0.4.2
popplerpoppler
0.4.3
popplerpoppler
0.4.4
popplerpoppler
0.5.0
popplerpoppler
0.5.1
popplerpoppler
0.5.2
popplerpoppler
0.5.3
popplerpoppler
0.5.4
popplerpoppler
0.5.9
popplerpoppler
0.5.90
popplerpoppler
0.5.91
popplerpoppler
0.6.0
popplerpoppler
0.6.1
popplerpoppler
0.6.2
popplerpoppler
0.6.3
popplerpoppler
0.6.4
popplerpoppler
0.7.0
popplerpoppler
0.7.1
popplerpoppler
0.7.2
popplerpoppler
0.7.3
popplerpoppler
0.8.0
popplerpoppler
0.8.1
popplerpoppler
0.8.2
popplerpoppler
0.8.3
popplerpoppler
0.8.4
popplerpoppler
0.8.5
popplerpoppler
0.8.6
popplerpoppler
0.8.7
popplerpoppler
0.9.0
popplerpoppler
0.9.1
popplerpoppler
0.9.2
popplerpoppler
0.9.3
popplerpoppler
0.10.0
popplerpoppler
0.10.1
popplerpoppler
0.10.2
popplerpoppler
0.10.3
popplerpoppler
0.10.4
popplerpoppler
0.10.5
popplerpoppler
0.10.6
popplerpoppler
0.10.7
popplerpoppler
0.11.0
popplerpoppler
0.11.1
popplerpoppler
0.11.2
popplerpoppler
0.11.3
popplerpoppler
0.12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
dapper
Fixed 0.5.1-0ubuntu7.6
released
hardy
Fixed 0.6.4-1ubuntu3.3
released
intrepid
Fixed 0.8.7-1ubuntu0.4
released
jaunty
Fixed 0.10.5-1ubuntu2.4
released
karmic
Fixed 0.12.0-0ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpoppler-cpp0
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib8
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-qt4-4
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler44
suse enterprise server 12 SP2
0.24.4-12.1
fixed
libpoppler60
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler73
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
poppler-tools
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
typelib-1_0-Poppler-0_18
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
Common Weakness Enumeration
References
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706
http://secunia.com/advisories/37054
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2009/dsa-1941
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://www.securityfocus.com/bid/36718
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2925
https://bugzilla.redhat.com/show_bug.cgi?id=526924
https://exchange.xforce.ibmcloud.com/vulnerabilities/53801
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706
http://secunia.com/advisories/37054
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2009/dsa-1941
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://www.securityfocus.com/bid/36718
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2925
https://bugzilla.redhat.com/show_bug.cgi?id=526924
https://exchange.xforce.ibmcloud.com/vulnerabilities/53801
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html